Dion difficult Q

Question 1

A company suffers an outage due to a bad module in a core switch. What is the NEXT step to conduct in troubleshooting?

• Gather information, start at the top of the OSI model, and work down.
• Establish plan of action to solve the problem.
• Establish a theory, identify the problem, duplicate the problem, test the theory and repeat
• Gather information, start at the bottom of the OSI model and work up.

Answer 1

Establish plan of action to solve the problem.

Explanation

If the technician has already discovered the issue, the symptoms have already been identified. Testing the theory comes after you have established a theory, which can only come once the issue has been discovered. Establishing a theory of probable cause allows you to continue with the next steps in troubleshooting the issue.

Question 2

Janet is a system administrator who is troubleshooting an issue with a DNS server. She notices that the security logs have filled up and that they need to be cleared from the event viewer. She recalls this being a daily occurrence. Which of the following would BEST resolve this issue?

• Increase the maximum log size
• Log into the DNS server every hour to check if the logs are full
• Install an event management tool
• Delete the logs when full

Answer 2

Install an event management tool​

Explanation

Using an event management tool will allow the administrator to clear the event logs and move them from the server to a centralized database, if needed.

Question 3

A company has a secondary datacenter in a remote location. The cable management and power management are handled by the data center staff, while the building’s security is also handled by the datacenter staff with little oversight from the company. Which of the following should the technician do to follow the best practices?

• Secure the patch panels
• Ensure power monitoring is enabled
• Ensure rack security
• Secure teh UPS units

Answer 3

Ensure rack security​

Explanation

By ensuring rack security such as locks, RFID card locks, and swing handles, the technician adds an extra layer of security to the servers which is a best practice.

Question 4

Which of the following connector types is used to terminate DS3 connections in a telecommunications facility?

• 66 block
• BNC
• F-connector
• RJ-11

Answer 4

BNC

Explanation

Bayonet Neill-Concelman Connector (BNC connector) is a type of coaxial RF (Radio frequency) electrical connector that is used in place of coaxial connectors. A DS3 (Digital Signal 3) is also known as a T3 line with a maximum bandwidth of 44.736 Mbit/s. DS3 uses 75 ohm coaxial cable and BNC connectors.

Question 5

What would provide the highest level of physical security for the client if they are concerned with theft of equipment from the datacenter?

• Cipher lock
• Proximity reader
• Magnetic key swipe
• Man trap

Answer 5

Man trap​

Explanation

A man trap will ensure that only a single authorized person can get in or out of the building at one time. It provides the highest level of physical security among the choices given.

Question 6

Jason wants to use his personal cell phone for work-related purposes. Because of his position in the company, Jason has access to sensitive company data which might be stored on his cell phone during its usage. The company is concerned about this but believes with the proper security controls in place it might be acceptable. Which of the following should be done to protect both the company and Jason if they allow him to use his personal cell phone for work-related purposes?

• Establish a consent to monitoring policy so that the cmpany can audit Jason’s cell phone usage
• Establish a AUP that allows a personal phone to be used for work-related purposes
• Conduct real-time monitoring of the phone`s activity and usage
• Establish an NDA that states Jason cannot share the confidential data with others

Answer 6

Conduct real-time monitoring of the phone`s activity and usage

Explanation

While all four are good options, the BEST solution is to conduct real-time monitoring of the phone’s activity since it is a technical control that could identify an issue quickly. The other options are all administrative controls (policies), which are useful, but would not actually identify if the sensitive data was leaked from Jason’s phone.

Question 7

An outside technician notices that a SOHO employee who is logged into the company VPN has an unexpected source IP address. What is the employee MOST likely using?

• Proxy server
• Least-cost routing
• IPv6
• VPN concentrator

Answer 7

Proxy server

Explanation

Proxy servers are just different computers that serve as a hub where Internet requests are processed. When you are connected to a proxy, your computer sends request to that server and then returns your answers to the proxy server before forwarding the data to the requesting computer.

Question 8

A company has added a lot of new users to the network that is causing an increase in network traffic by 200%. Original projection by the engineers was that the new users would only add 20-30% more network traffic, not 200%. The network administrator suspects that a compromise of the network may have occurred. What should the network administrator have done previously to prevent this network breach?

• Create VLANs to segment the network traffic
• Place a network sniffer on segments with new employees
• Provide end user awareness and training for employees
• Ensure best practices were implemented when creating new user account​​​
  ​

Answer 8

Provide end user awareness and training for employees

Explanation

With new employees entering a company, often they are not fully aware of the company’s Internet usage policy and safe Internet practices. Providing end user awareness and training for new employees help reduce the company’s vulnerability to malicious entities on the Internet.

Question 9

A network technician discovers an issue with spanning tree on the core switch. Which step should the network technician perform NEXT when troubleshooting to resolve the issue?

• Test a pheory to determine the cause
• Escalate to a senior technician
• Identify the symptoms
• Establish a theory of probable cause

Answer 9

Establish a theory of probable cause

Explanation

If the technician has already discovered the issue, the symptoms have already been identified. Testing the theory comes after you have established a theory, which can only come once the issue has been discovered. Establishing a theory of probable cause allows you to continue with the next steps in troubleshooting the issue.

Question 10

A user reports slow computer performance. A technician troubleshooting the issue uses a performance monitoring tool and receives the following results: Avg % Processor Time =10% Avg Pages/Second = 0 Avg Disk Queue Length = 3 Based on the results, what might be causing a bottleneck in performance?

• Hard drive
• Memory
• Processor
• NIC

​

Answer 10

Hard drive

Explanation

Based on the results, the hard drive (disk queue) is causing the bottle neck. Since the average processor is not over 50%, the pages/second (memory) is not heavily burdened, nor do we have any information on the NIC.

Question 11

A system administrator wants to verify that external IP addresses are unable to collect software versioning from servers on the network. Which of the following should the system administrator do to confirm the network is protected?​

• Analyze packet captures
• Utilize netstat to locate active connections
• Use nmap to query known ports​
• Review the ID3 logs on the network​​​

Answer 11

Analyze packet captures

Explanation

Captured packets show you the information that was travelling through certain files, etc. Packet sniffers detail the information they’ve received, so working through those would show if the external network shows or details software versions.

Question 12

An administrator has a virtualization environment that includes a vSAN and iSCSI switching. Which of the following actions could the administrator take to improve the performance of data transfers over iSCSI switches?

• ​The administrator should configure the switch port to auto-negotiate the proper Ethernet settings
• The administrator should configure each vSAN participant to have its own VLAN.
• The administrator should connect the iSCSI switches to each other over inter-switch links (ISL).
• The administrator should set the MTU to 9000 on each of the participants in the vSAN.​

​

Answer 12

The administrator should set the MTU to 9000 on each of the participants in the vSAN.​

Explanation

When using an iSCSI SAN (with iSCSI switching), we can improve network performance by enabling ‘jumbo frames’. A jumbo frame is a frame with an MTU of more than 1500. By setting the MTU to 9000, there will be fewer but larger frames going over the network. Enabling jumbo frames can improve network performance by making data transmissions more efficient.

Question 13

Dion Training has created a guest wireless network for students to use during class. This guest network is separated from the corporate network for security. Which of the following should be implemented to require the least amount of configuration for a student to be able to access the Internet over the guest network?

• Enable SSID broadcast for the guest wireless network
• Enable two-factor authentication on the student’s device
• Configure the access point to 802.1x for authentication
• Configure WEP with a pre-shared key​​​​

Answer 13

Enable SSID broadcast for the guest wireless network

​

Explanation

Since security was not listed as a requirement for the guest wireless network, it would be easiest to not setup any encryption, passwords, or authentication mechanisms on the network. Instead, you should simply enable the SSID broadcast for the guest network so students can easily find and connect to it.

Question 14

Sally in the web development group has asked for your assistance in troubleshooting her latest website. When she attempts to connect to the web server as a user, her web browser issues a standard HTTP request, but continually receives a timeout response in return. You decided that to best troubleshoot the issue, you should capture the entire TCP handshake between her workstation and the web server. Which of the following tools would BEST allow you to capture and then analyze the TCP handshake?

• ​Protocol analyzer
• Packet sniffer
• Spectrum analyzer
• Tone generator

​

Answer 14

​Protocol analyzer

Explanation

A protocol analyzer or packet analyzer (like Wireshark) has the capability to capture the handshake and display it for analysis. A packet sniffer, though, will only capture the handshake. Neither a spectrum analyzer or a tone generator would be helpful in this situation.

Question 15

Your company wants to develop a voice solution to provide 23 simultaneous connections using VoIP. Which of the following technologies could BEST provide this capability?

• DOCSIS
• T1
• DSL
• POTS

​

​

Answer 15

T1

Explanation

A T1 can transmit 24 telephone calls at a time because it uses a digital carrier signal (DS-1). DS-1 is a communications protocol for multiplexing the bit streams of up to 24 telephone calls simultaneously. The T1’s maximum data transmission rate is 1.544 mbps. DOCSIS is the standard for a cable modem. DSL is a Digital Subscriber Line which has variable speeds from 256 kbps and up. POTS is the Plain Old Telephone System, and provides only a single phone connection at a time. Out of these options, the T1 is the BEST to ensure you can reliably provide 23 simultaneous phone connections.

Question 16

An additional network segment is urgently needed for QA testing on the external network. A software release could be impacted if this change is not immediate. The request come directly from management, and there is no time to go through the emergency change management process. Which of the following should the technician do?

• ​Wait until the maintenance window and make the requested change
• First document the potential impacts and procedures related to the change
• Send out a notification to the company about the change
• Make the change, document the requester, and document all network changes

​

Answer 16

Make the change, document the requester, and document all network changes

Explanation

While this is a difficult situation, the best answer is to make the change, document the requester, and document all the network changes. Since the request came directly from management, if they have sufficient authority to authorize the change, it can be performed outside of the emergency change control process. This should be a RARE occurrence.

Question 17

A technician just completed a new external website and setup access rules in the firewall. After some testing, only users outside the internal network can reach the site. The website responds to a ping from the internal network and resolves the proper public address. What can the technician do to fix this issue while causing internal users to route to the website using an internal IP address?

• ​Place the server in the DMZ
• Configure NAT on the firewall
• Implement a split horizon DNS
• Adjust the proper internal ACL

​

​

​

Answer 17

Implement a split horizon DNS

Explanation

Split Domain Name System (Split DNS) is an implementation in which separate DNS servers are provided for internal and external networks as a means of security and privacy management.

Question 18

Which of the following provides accounting, authorization, and authentication via a centralized privileged database, as well as challenge/response and password encryption?

• Multi-factor authentication
• ISAKMP
• TACACS+
• Network access control​​

Answer 18

TACACS+

Explanation

TACACS+ is a AAA (accounting, authorization, and authentication) protocol to provide AAA services for access to routers, network access points, and other networking devices

Question 19

What is BEST used to perform a one-time temporary posture assessment in a NAC environment?

• Host-based firewall
• Antivirus
• Intrusion prevention system
• Non-persistent agent

​

​

​

​

Answer 19

Non-persistent agent

Explanation

A non-persistent agent is used to access the device during one-time check-in at login. This is beneficial in BYOD (Bring Your Own Device) policies.

Question 20

ou are troubleshooting your company’s T-1 connection to your ISP. The ISP has asked you to place a loopback on the device which connects your T-1 line to their central office. Which of the following devices should you connect the loopback plug on?​

• Fiber optic modem
• Digital subscriber line modem
• Channel remote module
• Channel service unit​​

Answer 20

Channel service unit​​

Explanation

The CSU/DSU terminates a T1 line at the customer’s site. Therefore, the CSU (Channel Service Unit) should have the loopback plug attached to test the connection.

Question 21

Which encryption type MOST likely is used for securing the key exchange during a client-to-server VPN connection?​

• TKIP
• ISAKMP
• AES
• Kerberos​​​

Answer 21

ISAKMP

Explanation

ISAKMP is used in IPSec, which is commonly used in securing the key exchange during the establishment of a client-to-server VPN connection.

Question 22

An administrator’s router with multiple interfaces uses OSPF. When looking at the router’s status, it is discovered that one interface is not passing traffic. Given the information below, what would resolve this issue? Output: Fast Ethernet 0 is up, line protocol is down Int ip address is 10.20.130.5/25 MTU 1500 bytes, BW 10000 kbit, DLY 100 usec Reliability 255/255, Tx load 1/255, Rx load 1/255 Encapsulation ospf, loopback not set Keep alive 10 Full duplex, 100Mb/s, 100 Base Tx/Fx Received 1052993 broadcasts 0 input errors 0 packets output, 0 bytes 0 output errors, 0 collisions, 0 resets

• Put the IP address in the right broadcast domain
• Set OSPF to area 0
• Replace the line card
• Set the loopback address
• Enable the connecting port​​​​

Question 23

A company is experiencing accessibility issues reaching services on a cloud-based system. What monitoring tools should be used to locate possible outages?

• Packet analyzer
• Protocol analyzer
• Network analyzer
• Network sniffer​

​

​

Answer 23

Network analyzer

Explanation

A network analyzer is a useful tool, helping you do things like track traffic and malicious usage on the network. A software tool like Wireshark is a network analyzer and protocol analyzer.

Question 24

A network architect is designing a highly-redundant network with a distance vector routing protocol in order to prevent routing loops. The architect has configured the routers to advertise failed routes with the addition of an infinite metric. What method should the architect utilize?

• Hold down timers
• Spanning tree
• Split horizon
• Route poisoning​​​​

Answer 24

Route poisoning

Explanation

The Route poisoning setting in Cisco’s Split Horizon is what prevents routing loops and shows the failed routes.

Question 25

Workers in a company branch office are required to visit an initial web page and click the “I agree” button prior to being able to surf the web. Which of the following is this an example of?

• An end-user license agreement
• An SLA
• An AUP
• An MOU​

Answer 25

An AUP

Explanation

AUP stands for acceptable use policy. If you’re agreeing to what you can and can’t view, you’re agreeing to the policy. MOU is memo of understanding which typically contains an agreement on certain actions. SLA is service-level agreement which is usually made between two companies to state what level of service is expected if machines go down, etc., and when they can expect to be back up and running.